The way I can see this resolved is to add a secret switch to avast5.ini that would disable this network communication (and you can PM me the switch so that no one else knows about it).
If such a functionality existed, there wouldn't be anything secret about that switch, everyone could know.
But to implement such a switch, somebody would have to go through all the source code, find all the occurrences where some network connection could be done, change the logic to take that switch into account, decide what to do when the connection is kinda important... and then, somehow, make sure that this is also done for all future features not yet implemented. I am sorry, but I really don't think this is going to happen. Moving the DNS check elsewhere, maybe... but this, giving a guarantee that it won't happen... hardly.
I understand you have to follow some policies, but the fact is that the general trend (especially in AV apps, and especially in end-user products) somehow goes the opposite way - moving a lot of functionality on the network (or into the "could", in the fancy term). And even if not using a "cloud", virus database definitions should be downloaded as quickly as possible... how do you do the updates when avast! is not allowed to connect?
Furthermore, if there's a strict rule regarding network connectivity for security reasons, I'd say such a policy should be enforced in a "hard" way (hardware firewall, or simply a disconnected network) - relying on the fact that you manage to persuade all the programs never to connect anywhere... seems a bit weak to me (but it's just my opinion, and I'm going a bit off topic).